Provides Visibility into Suspicious Network Traffic Patterns, Adding Novel Threat Intelligence to Sophos’ Fast-Growing Managed Threat Response (MTR) and Rapid Response Services, Extended Detection and Response (XDR) Technology and Data Lake

OXFORD, U.K. — 七月 22, 2021 —

Sophos, a global leader in next-generation cybersecurity, today announced that it has acquired Braintrace, further enhancing Sophos’ Adaptive Cybersecurity Ecosystem with Braintrace’s proprietary Network Detection and Response (NDR) technology. Braintrace’s NDR provides deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption. Located in Salt Lake City, Utah, Braintrace launched in 2016 and is privately held.

As part of the acquisition, Braintrace’s developers, data scientists and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams. Sophos’ MTR and Rapid Response services business has expanded rapidly, establishing Sophos as one of the largest and fastest-growing MDR providers in the world, with more than 5,000 active customers.

Braintrace’s NDR technology will support Sophos’ MTR and Rapid Response analysts and Extended Detection and Response (XDR) customers through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services. The Braintrace technology will also serve as the launchpad to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources. These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity.

“You can’t protect what you don’t know is there, and businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud. Attackers take advantage of this, often going after weakly protected assets as a means of initial access. Defenders benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than Intrusion Protection Systems (IPS),” said Joe Levy, chief technology officer, Sophos. “We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems.”

Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall. The technology’s packet and flow engine feeds a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement and communications with suspicious domains. Since Braintrace built its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use as supporting evidence during investigations. The novel NDR analysis and prediction technique is patent pending.

According to Gartner, “compared with traditional approaches, where malicious behavior is defined ahead of time in the form of prebuilt signatures and detection engines inspecting traffic looking for matches, NDR takes a different approach. Instead of only inspecting traffic against a list of known bad payloads or behaviors, NDR also focuses on looking for unknown patterns in the network traffic, calculating a probability as to whether that anomaly is malicious.”1 Gartner further notes that, "the machine learning algorithms that are at the core of many NDR products help to detect anomalous traffic that is often missed by other detection techniques. The optional automated response capabilities help to offload some of the workload for incident responders. The threat hunting functionality provides valuable tools for incident responders."2

“NDR is critical to successful threat hunting. Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks,” said Bret Laughlin, CEO and co-founder of Braintrace. “With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem.”

Braintrace’s NDR technology is a key component for defending against cyberattacks today and in the future. Sophos research demonstrates how adversaries aggressively and constantly change tactics to evade detection and execute their attacks. Braintrace’s technology helps uncover malicious C2 traffic from malware, such as ColbaltStrike, BazaLoader and TrickBot, as well as zero-days, that could lead to ransomware and other attacks. This visibility allows threat hunters and analysts to pre-empt any potential ransomware attack, including recent strikes by REvil and DarkSide.  

Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022.

1 Gartner, Emerging Technologies: Adoption Growth Insights for Network Detection and Response, March 24, 2021, Nat Smith, Christian Canales, Josh Chessman

2Gartner, Hype Cycle for Network Security, 2021, July 14, 2021, Shilpi Handa, Pere Shoard

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。